Mobile phone applications have quickly become a part of our daily lives. To date, there are over 2.6 million applications on the Google Play store alone. In this article we will be looking at reverse engineering Android applications to find hard-coded credentials. In a real-life scenario, these credentials would likely be hard-coded API keys.
Burp Suite Pro is arguably one of the most popular web application testing tools available, and one that I myself have used for many years. It provides a variety of powerful automated and manual tools to interrogate applications and identify vulnerabilities. Yet there are certain tools within Burp Suite that most testers seldom use. One such tool is called ‘Sequencer’, a powerful automated solution for finding weaknesses in the ‘randomness’ of token values.